I wanted to conduct an experiment today. The main idea was to generate a Nostr account using Passkeys as the entropy source for private key generation.
https://nostr-passkeys-demo.vercel.app
I arrived at a functional solution (though perhaps not the best), but I encountered the issue that Passkeys are tied to domains. In the demo, you can generate a key pair, but it would be "impossible" to generate the same key pair on another site that might implement this system (such as Nostr clients like Primal, Coracle, etc.).
What do you think? Do you see any improvements? Is it something useful or completely useless? I’m open to criticism; it's entirely experimental.
https://njump.me/nevent1qqsdjwvp54v8tdp87vu4grcvhxsmzzfl4kdtjdj54l9wa4xc6x0q3lspzemhxue69uhhyetvv9ujuurjd9kkzmpwdejhgqgdwaehxw309ahx7uewd3hkcqg5waehxw309aex2mrp0yhxgctdw4eju6t0qgs9nwtdlrvttent8w268cd6zkt4pfhd66duhwsc27htv549kgyt6kgw0acyp
Good work. Can you use a KDF like PBKDF2, Argon2, or HKDF to derive a consistent private key across domains?
Passkeys generate a key pair for each account created. From there, the inputs for the KDF key derivation will inevitably be different. Or did I misunderstand what you meant?
https://notes.neatnik.net/2024/08/passkeys-are-not-passwords
I'm not a passkey expert, but sometimes I learn when I read something like the article above. I think by design you can't mix/match passkeys with a Nostr keypair.
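
The point made in the KDF exchange above, as an added example that is not part of the thread or the demo's code: a KDF is deterministic, so it reproduces the same key on one domain, but it cannot make two independent per-domain secrets converge on one Nostr key. The `ModelAuthenticator` class, the `nostr-key-v1` label and the example domains are assumptions; how the demo actually extracts entropy from a passkey is not stated on the page.

```python
import hashlib
import hmac
import secrets

# secp256k1 group order; a Nostr private key must be a scalar in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract, then expand."""
    prk = hmac.new(salt or b"\x00" * 32, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]

class ModelAuthenticator:
    """Constructed stand-in for a passkey provider (an assumption): one
    independent random secret per registration, keyed by the registering domain."""
    def __init__(self):
        self._secrets = {}

    def register(self, domain: str) -> None:
        self._secrets[domain] = secrets.token_bytes(32)

    def secret_for(self, domain: str) -> bytes:
        return self._secrets[domain]  # KeyError: no credential for this domain

def nostr_private_key(auth: ModelAuthenticator, domain: str) -> str:
    """Derive a valid secp256k1 scalar (hex) from the domain's credential secret."""
    ikm = auth.secret_for(domain)
    for attempt in range(256):  # retry in the negligible case of an invalid scalar
        info = b"nostr-key-v1" + bytes([attempt])  # hypothetical context label
        k = int.from_bytes(hkdf_sha256(ikm, b"", info), "big")
        if 1 <= k < SECP256K1_N:
            return f"{k:064x}"
    raise ValueError("no valid scalar derived")

def demo():
    """Same domain twice, then a second domain, all through the same KDF."""
    auth = ModelAuthenticator()
    auth.register("site-a.example")  # constructed sample domains
    auth.register("site-b.example")
    return tuple(nostr_private_key(auth, d) for d in ("site-a.example", "site-a.example", "site-b.example"))

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

The first two outputs match and the third differs: the KDF stabilizes the key within one domain, while the cross-domain mismatch comes from the input secret, not from the choice of PBKDF2, Argon2 or HKDF.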